Welcome to Financial Advisor IQ

Here’s What Keeps Morgan Stanley’s Regulatory Exam Head Awake at Night

By Rita Raagas De Ramos May 24, 2019

Four things are keeping Morgan Stanley’s regulatory exam head awake at night: the SEC’s pending Regulation Best Interest; cybersecurity and technology; employee activities; and senior investors.

“You don’t know what you don’t know and that’s what keeps me up at night,” Andrew Lipton, executive director and head of Americas market/conduct regulatory relations group at Morgan Stanley, said earlier this month at Finra’s annual conference in Washington, D.C.

With regard to Reg BI, Lipton is most preoccupied with the contents of the final rule, how it “plays out” with the suitability rule and how brokers will have to “deal” with the new rule.

Lipton said he is also keen to see how Reg BI “interacts” with the various fiduciary rule initiatives from states like Nevada and New Jersey “and how that will affect our offices around the country.”

As reported, the fundamental problem the SEC is “trying to tackle” is how financial professionals can provide advice in the face of conflict, according to Lourdes Gonzalez, assistant chief counsel for sales practices, a division of the SEC’s trading and markets division.

“Everybody who’s an agent has a conflict. It is inherent in the agent relationship,” Gonzalez said at the conference, referring to financial professionals who provide investment or product advice in exchange for compensation.

Reg BI — which is in the final stages of rule-making — is trying to address conflicts that arise out of the financial incentives of brokers, such as trading too much or recommending products that are too expensive, according to Gonzalez.

When it comes to cybersecurity and technology concerns, Lipton said one of the key solutions is finding people who “know the law and technology,” which is “an interesting skillset.”

Finra has said it continues to see “problematic” cybersecurity practices in its examination and risk monitoring program. In December, Finra published a report of selected cybersecurity practices where it offered guidance on cybersecurity controls in branch offices; methods of limiting phishing attacks; identifying and mitigating insider threats; elements of a strong penetration-testing program; and establishing and maintaining controls on mobile devices.

Meanwhile, employee activities — including outside business activity — is also a top concern for Lipton.

In his role, Lipton said he oversees the team that deals with regulatory exams and continuous monitoring for the retail, institutional and investment banking business of Morgan Stanley throughout the Americas.

Jennifer Luginbill, associate district director of Finra’s Kansas City district office, said at the conference that many of the findings the self-regulator has in the outside business activity area, generally speaking, stem either from representatives who don’t disclose or from member firms who either fail to record or accurately review the disclosures from their representatives.


Morgan Stanley’s Lipton said firms can help make disclosure easier for their representatives by having a “robust system where the documentation and all the information flows through so when Finra comes in to audit you can just print it out for them.”

Meanwhile, without elaborating, Lipton said senior investor protection is “not going to fall off our priorities any time soon."

Finra rolled out two key senior investor protection initiatives last year. One is Finra Rule 2165, which lets broker-dealer firms place temporary holds on disbursements of funds or securities from the accounts of specified customers if there is reasonable belief of financial exploitation of these customers by third parties. Another is Finra Rule 4152, which requires broker-dealer firms to ask a customer for a trusted contact person. It’s been a little over a year since those rules were implemented.